Fedora Atomic and Docker Host Image [was Re: Docker Host Image: Requirements?]

Josh Boyer jwboyer at fedoraproject.org
Tue Mar 11 12:56:50 UTC 2014


On Tue, Mar 11, 2014 at 8:41 AM, Matthew Miller
<mattdm at fedoraproject.org> wrote:
> On Tue, Mar 11, 2014 at 08:19:38AM -0400, Josh Boyer wrote:
>> So we're already smaller than Ubuntu.  Size is one of the things we've
>> been told is key to adoption in the cloud.  If we're already smaller,
>> and Ubuntu is more widely adopted, I don't see that holding true.
>> What am I missing, or is the "we need a smaller kernel package" thing
>> somehow trying to pull the wool over my eyes?
>
> Oh, it absolutely remains nice to have, and by "nice" I mean "awesome".
>
> If we can improve all four of the big size consumers (python, kernel,
> modularized docs, modularized i18n), it'll go from "on par" to actually
> being an advantage. And even if we can't get to that for a while,
> improvement is still improvement, and when I said size isn't the primary
> driver, I certainly didn't mean to imply that it's not an important one.
>
> Size isn't the only driver for the kernel work you're doing either, I don't
> think. Another big advantage is that the modularized drivers will allow us
> to skip out-of-schedule updates for security updates in the driver package.

Erm.. only if you manually pay attention to where the driver is for a
particular CVE.  It's a subpackage, not a separate package.  As far as
I know, the yum security metadata thing applies to packages as an
entire set, not each subpackage.  I believe that means when we build a
kernel for a CVE fix, you're still going to see a kernel-core update
available being marked as a security fix.

josh

